W3C home > Mailing lists > Public > www-tag@w3.org > June 2007

Re: [passwordInTheClear-52]: A summary of where I think we are.

From: John Cowan <cowan@ccil.org>
Date: Wed, 27 Jun 2007 12:46:42 -0400
To: "Williams, Stuart (HP Labs, Bristol)" <skw@hp.com>
Cc: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, www-tag@w3.org, "Rice, Ed (ProCurve)" <ed.rice@hp.com>
Message-ID: <20070627164642.GD3654@mercury.ccil.org>

Williams, Stuart (HP Labs, Bristol) scripsit:

> 1) Some regard that there are reasonable use cases for weak protection
> of passwords - and demur against the Good Practice advice: "A client or
> browser SHOULD NOT transmit passwords in clear text." 


> 	a desire to find a reliable basis on which to advise that UA's
> detect weakly protected password transfers; 

This combination strikes me as counterproductive.  I have made decisions
I consider to be rational that low-security passwords suffice for
certain kinds of sites: for example, sites that let me subscribe or
unsubscribe to mailing lists.  If my browser yammers every time I
deal with such a site, I will shut it up, get someone else to shut it up,
or find a less compliant but more usable browser.  I don't think I'm
alone in this feeling.

All Norstrilians knew what laughter was:        John Cowan
it was "pleasurable corrigible malfunction".    cowan@ccil.org
        --Cordwainer Smith, Norstrilia
Received on Wednesday, 27 June 2007 16:46:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:16 UTC